OAuth 2.0

Use OAuth 2.0 when the external provider requires delegated, token-based authorization with grant-specific configuration.

Nected supports:

  • Client Credentials

  • Password Grant

  • Authorization Code

When to use OAuth 2.0

  • Provider requires OAuth endpoints (Authorization URL / Token URL)

  • You need scoped access and token lifecycle management

  • You need secure third-party integration without sharing raw user passwords (except Password Grant scenarios)

OAuth setup flow in Nected Authorization

Shared OAuth fields in Nected

Depending on grant type, you will configure:

  • Grant Type

  • Authorization URL (Authorization Code only)

  • Token URL

  • Client ID

  • Client Secret

  • Header Prefix (optional, usually Bearer)

  • Audience (optional)

  • Scope (optional)

  • Username/Password (Password Grant only)

Grant type: Client Credentials

Use for server-to-server integration where your app accesses its own resources.

Client Credentials grant fields

Client Credentials: Required fields

  • Token URL

  • Client ID

  • Client Secret

  • Optional: Header Prefix, Audience, Scope

Client Credentials: Setup steps

  1. Create auth from either location:

    • Path A: Security > Authorization > + New Authentication > OAuth 2.0.

    • Path B: REST API connector configuration sidebar > Authentication dropdown > Create Authentication > OAuth 2.0.

  2. Select Client Credentials as grant type.

  3. Fill required fields.

  4. Save configuration and attach/select it in the integration step.

  5. Test token fetch + API call.

Grant type: Password Grant

Use only when the provider requires the resource-owner username/password flow and the trust boundary allows it.

Password grant fields

Password Grant: Required fields

  • Token URL

  • Client ID

  • Client Secret

  • Username

  • Password

  • Optional: Header Prefix, Audience, Scope

Password Grant: Setup steps

  1. Create/select OAuth 2.0 authentication from Security > Authorization or directly from the REST API connector sidebar.

  2. Select Password Grant in OAuth configuration.

  3. Enter token endpoint + client credentials + user credentials.

  4. Save and attach/select it in the integration.

  5. Test authenticated API call.

Grant type: Authorization Code

Use for user-consent-based integrations and higher security requirements.

Authorization Code grant fields

Authorization Code: Required fields

  • Authorization URL

  • Token URL

  • Client ID

  • Client Secret

  • Optional: Header Prefix, Audience, Scope

Authorization Code: Setup steps

  1. Create/select OAuth 2.0 authentication from Security > Authorization or directly from the REST API connector sidebar.

  2. Select Authorization Code grant in OAuth configuration.

  3. Enter provider authorization + token URLs.

  4. Add client credentials.

  5. Ensure the redirect URI is configured on the provider side (for example https://app.nected.ai/oauth/redirect when applicable).

  6. Save configuration.

  7. Complete authorization flow and verify token exchange.

How to validate OAuth setup

  1. Trigger a call to the protected endpoint from the integration.

  2. Verify that a token is generated and used successfully.

  3. Confirm the response status and payload from the provider.

  4. Re-test after the token expiry window to confirm refresh/re-fetch behavior.

OAuth authorization and validation walkthrough

Security considerations

  • Prefer Authorization Code or Client Credentials over Password Grant when possible.

  • Keep client secrets in secure secret stores only.

  • Restrict scopes to minimum required access.

  • Ensure all OAuth endpoints are HTTPS.

  • Keep redirect URIs exact and trusted.
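
The required-field lists and the considerations above can be checked before a configuration is saved. The following is an added example, not Nected code: the dictionary keys, the `check_oauth_config` function, the `auth.example.com` host and the scope names are hypothetical, and the redirect URI is the one quoted on this page.

```python
from urllib.parse import urlsplit

# Required fields per grant type, as listed on this page. The keys are
# hypothetical names for this example, not Nected's configuration schema.
REQUIRED = {
    "client_credentials": ["token_url", "client_id", "client_secret"],
    "password": ["token_url", "client_id", "client_secret", "username", "password"],
    "authorization_code": ["authorization_url", "token_url", "client_id", "client_secret"],
}

def check_oauth_config(cfg, registered_redirects=(), needed_scopes=None):
    """Return a list of findings; an empty list means every check passed."""
    grant = cfg.get("grant_type")
    if grant not in REQUIRED:
        return [f"unsupported grant type: {grant!r}"]
    findings = [f"missing required field: {name}"
                for name in REQUIRED[grant] if not cfg.get(name)]
    # All OAuth endpoints must be HTTPS URLs with a host.
    for key in ("authorization_url", "token_url"):
        url = cfg.get(key)
        if url:
            parts = urlsplit(url)
            if parts.scheme != "https" or not parts.hostname:
                findings.append(f"{key} is not an HTTPS URL")
    # Redirect URIs must match exactly (no prefix or trailing-slash tolerance).
    if grant == "authorization_code" and cfg.get("redirect_uri") not in registered_redirects:
        findings.append("redirect_uri is not an exact match for a registered URI")
    # Least privilege: flag any requested scope the integration does not need.
    if needed_scopes is not None:
        extra = set(cfg.get("scope", "").split()) - set(needed_scopes)
        if extra:
            findings.append("scope broader than needed: " + " ".join(sorted(extra)))
    if grant == "password":
        findings.append("password grant: confirm the provider requires it")
    return findings

# Constructed sample configurations (placeholder hosts and credentials).
GOOD = {"grant_type": "client_credentials", "client_id": "example-client",
        "client_secret": "example-secret", "scope": "orders.read",
        "token_url": "https://auth.example.com/oauth/token"}
BAD = {"grant_type": "authorization_code", "client_id": "example-client",
       "authorization_url": "https://auth.example.com/authorize",
       "token_url": "http://auth.example.com/oauth/token", "scope": "orders.read admin",
       "redirect_uri": "https://app.nected.ai/oauth/redirect/"}
REGISTERED = ["https://app.nected.ai/oauth/redirect"]  # URI quoted on this page

if __name__ == "__main__":
    print(check_oauth_config(GOOD, needed_scopes=["orders.read"]))
    print(check_oauth_config(BAD, REGISTERED, ["orders.read"]))
```

The second sample fails on four points: a missing client secret, a plain-HTTP token URL, a redirect URI that differs from the registered one by a trailing slash, and an extra `admin` scope.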

Common errors and fixes

  • Invalid client: check Client ID/Client Secret.

  • Invalid redirect_uri: ensure exact URI match in provider config.

  • invalid_scope: requested scope not allowed by provider.

  • Token fetch fails: verify token URL, grant type, and required grant fields.

  • 401 after setup: token may be expired or API requires different audience/scope.
